1. Field of the Invention
This invention pertains in general to computer security and in particular to providing secure remote access to network services.
2. Description of the Related Art
Network entities providing services to remote users are vulnerable to attack. Oftentimes, it is desirable to make services on a server or other entity available to remote users. For example, an individual having a home server might want to have remote access in order to retrieve media or other content stored on the home server. Similarly, an enterprise operating a set of servers might want to allow remote access to the servers in order to allow employees to perform remote maintenance and similar tasks.
Oftentimes a server on a public network such as the Internet is protected by a firewall that blocks unauthorized traffic to the server. In order to allow remote access to the server, an administrator of the server configures the firewall to allow access to the server's network ports used by the services that are to be accessed remotely. The applications running on the server to provide the services, in turn, are secured to resist unauthorized network access.
However, even supposedly secure applications are subject to attack via the network. Servers on public networks are under constant threat of attack, and any open port is an invitation for an attacker to try to identify and exploit any security vulnerabilities that might be present in the applications. Such applications are especially vulnerable to so-called “zero-day attacks,” in which a previously unknown vulnerability is used to exploit and compromise applications that were thought to be secure. Therefore, it is risky to open any firewall ports in order to provide remote access to services on a server connected to a public network.